-
Notifications
You must be signed in to change notification settings - Fork 35
Rework haproxy config for stickiness and balance strategy #208
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from 6 commits
ba2fd30
ba3d9fd
7411535
8c3fdbf
1c6dbf8
592b5d9
c07c255
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -25,6 +25,8 @@ | |
| attribute :address, kind_of: String, default: "0.0.0.0" | ||
| attribute :port, kind_of: Integer, default: 0 | ||
| attribute :mode, kind_of: String, default: "http", equal_to: ["http", "tcp", "health"] | ||
| attribute :balance, kind_of: String, default: "", equal_to: ["", "roundrobin", "static-rr", "leastconn", "first", "source"] | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Metrics/LineLength: Line is too long. [124/100] (https://github.com/SUSE/style-guides/blob/master/Ruby.md#metricslinelength)
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. And this one :D |
||
| attribute :use_ssl, kind_of: [TrueClass, FalseClass], default: false | ||
| attribute :stick, kind_of: Hash, default: {} | ||
| attribute :options, kind_of: Array, default: [] | ||
| attribute :servers, kind_of: Array, default: [] | ||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -40,11 +40,47 @@ listen admin-stats <%= node[:haproxy][:stats][:enabled] ? node[:haproxy][:stats | |
| <% content = node[:haproxy][:sections][type][name] -%> | ||
| <%= type %> <%= name %> | ||
| bind <%= content[:address] %>:<%= content[:port] %> | ||
| <% if content[:use_ssl] -%> | ||
| mode tcp | ||
| balance source | ||
| <% else -%> | ||
| mode <%= content[:mode] %> | ||
| <% unless content[:balance].nil? -%> | ||
| balance <%= content[:balance] %> | ||
| <% end -%> | ||
|
|
||
| <% if content[:use_ssl] # http://blog.exceliance.fr/2011/07/04/maintain-affinity-based-on-ssl-session-id/ -%> | ||
|
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. can we set this url to the proper one? that redirects to |
||
| # maximum SSL session ID length is 32 bytes. | ||
| stick-table type binary len 32 size 30k expire <%= content[:stick][:expire] %> | ||
|
|
||
| acl clienthello req_ssl_hello_type 1 | ||
| acl serverhello rep_ssl_hello_type 2 | ||
|
|
||
| # use tcp content accepts to detects ssl client and server hello. | ||
| tcp-request inspect-delay 5s | ||
| tcp-request content accept if clienthello | ||
|
|
||
| # no timeout on response inspect delay by default. | ||
| tcp-response content accept if serverhello | ||
|
|
||
| # SSL session ID (SSLID) may be present on a client or server hello. | ||
| # Its length is coded on 1 byte at offset 43 and its value starts | ||
| # at offset 44. | ||
| # Match and learn on request if client hello. | ||
| stick on payload_lv(43,1) if clienthello | ||
|
|
||
| # Learn on response if server hello. | ||
| stick store-response payload_lv(43,1) if serverhello | ||
| <% elsif content[:mode] == "http" && content[:stick] && | ||
| content[:stick][:cookies] && !content[:stick][:cookies].empty? | ||
| # There are various options here, described in: | ||
| # http://stackoverflow.com/questions/27094501/haproxy-1-5-8-how-do-i-configure-cookie-based-stickiness | ||
| # We go with the stick-table to avoid no-cache and exposing backends | ||
| # through cookies. | ||
| # Note that appsession is easier, but deprecated: | ||
| # http://serverfault.com/questions/550910/haproxy-appsession-vs-cookie-precedence | ||
| -%> | ||
| stick-table type string len 64 size 100k expire <%= content[:stick][:expire] %> | ||
| <% content[:stick][:cookies].each do |cookie| -%> | ||
| stick store-response res.cook(<%= cookie %>) | ||
| stick match req.cook(<%= cookie %>) | ||
| <% end -%> | ||
| <% end -%> | ||
|
|
||
| <% content[:options].each do |option| -%> | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Style/IfUnlessModifier: Favor modifier unless usage when having a single-line body. Another good alternative is the usage of control flow &&/||. (https://github.com/bbatsov/ruby-style-guide#if-as-a-modifier)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
could you fix this?